Simplify AWS Lambda Deployments Using GitHub Actions

Kasun de Silva

Hey, serverless builders! 🚀 Exciting news from AWS!

AWS has launched a feature that adds direct support for deploying AWS Lambda functions using GitHub Actions. This new capability significantly streamlines the deployment process, eliminating the need for complex, custom scripting and boilerplate code.

Before this, deploying a Lambda function from a GitHub workflow required manual steps to package code, configure IAM roles, and handle potential errors. Now, a dedicated GitHub Action handles all of this for you with a simple, declarative YAML configuration. This means less friction, faster deployments, and more time for you to focus on building amazing serverless applications.


What's New?

The new "Deploy Lambda Function" GitHub Action simplifies your CI/CD pipeline by providing a direct and secure way to update your Lambda functions.

  • Declarative Configuration: Define your deployment settings—like runtime, memory, and environment variables—directly in your GitHub Actions workflow file.

  • Automatic Packaging: The action automatically handles the packaging of your function code, supporting both .zip file and container image deployments.

  • Seamless IAM Integration: It integrates with AWS IAM using OpenID Connect (OIDC) authentication, which is the most secure way to grant your GitHub workflows temporary, short-lived credentials without ever storing long-lived secrets.

This new workflow is a huge win for developer experience, making it easier than ever to adopt a fully automated, Git-based deployment strategy for your serverless projects.


Step-by-Step Guide: Deploying a Lambda Function with GitHub Actions

Ready to get started? Here's how you can set up a GitHub Actions workflow to automatically deploy your Lambda function.

Prerequisites

  1. A Lambda Function: You need an existing AWS Lambda function. If you don't have one, create it in the AWS Management Console or with the AWS CLI.

  2. IAM Role for OIDC: Configure an IAM role in your AWS account that trusts GitHub's OIDC provider. This role will grant your workflow the permissions it needs to deploy the function. This is a crucial security step!

  3. A GitHub Repository: Your Lambda function code should be in a GitHub repository.

Step 1: Configure IAM for OIDC

First, set up a trusted relationship between your AWS account and GitHub.

  • Navigate to IAM in the AWS console.

  • Under Access management, select Identity providers.

  • Choose Add provider and configure an OpenID Connect provider with the URL: https://token.actions.githubusercontent.com.

  • Create a new IAM role that uses this provider and grant it the necessary permissions, such as lambda:UpdateFunctionCode and lambda:UpdateFunctionConfiguration.
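The role's trust policy decides which GitHub workflows may assume it, so it should pin the token's aud and sub claims to your own repository and branch. The following is an added example, not code from the article or from AWS: it builds three constructed trust policies and audits them. The account ID is the one used in the workflow below; my-org/my-repo and the trust_policy and audit helpers are assumptions for illustration.

```python
PROVIDER = "token.actions.githubusercontent.com"

def trust_policy(condition=None):
    """Trust policy for GitHub's OIDC provider (account ID as in the article)."""
    stmt = {
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{PROVIDER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
    }
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

# Constructed samples. my-org/my-repo is a placeholder repository name.
WEAK = trust_policy()  # no conditions: no limit on which repository may assume the role
ANY_REF = trust_policy({"StringLike": {f"{PROVIDER}:sub": "repo:my-org/my-repo:*"}})
HARDENED = trust_policy({"StringEquals": {
    f"{PROVIDER}:aud": "sts.amazonaws.com",
    f"{PROVIDER}:sub": "repo:my-org/my-repo:ref:refs/heads/main"}})

def audit(policy):
    """Return findings for statements that trust GitHub OIDC too broadly."""
    findings = []
    for stmt in policy["Statement"]:
        p = stmt.get("Principal")
        fed = p.get("Federated", []) if isinstance(p, dict) else []
        if stmt.get("Effect") != "Allow" or PROVIDER not in str(fed):
            continue
        # Flatten {operator: {key: value}}; IAM condition keys are case-insensitive.
        conds = {k.lower(): v for kv in stmt.get("Condition", {}).values()
                 for k, v in kv.items()}
        if f"{PROVIDER}:aud" not in conds:
            findings.append("no aud condition (expected sts.amazonaws.com)")
        subs = conds.get(f"{PROVIDER}:sub")
        if subs is None:
            findings.append("no sub condition: any GitHub repository is trusted")
            continue
        for sub in subs if isinstance(subs, list) else [subs]:
            kind, _, rest = sub.partition(":")
            repo, _, ref = rest.partition(":")
            if kind != "repo" or "*" in repo or "/" not in repo:
                findings.append(f"sub {sub!r} does not pin one repository")
            elif "*" in ref or not ref:
                findings.append(f"sub {sub!r} does not pin one branch, tag or environment")
    return findings

if __name__ == "__main__":
    for name, doc in (("WEAK", WEAK), ("ANY_REF", ANY_REF), ("HARDENED", HARDENED)):
        print(name, audit(doc) or "ok")
```

The same audit can be run over a role's existing trust policy document, loaded with json.load, before the role is used from a workflow.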

Step 2: Create Your GitHub Actions Workflow File

In your GitHub repository, create a new file at .github/workflows/deploy.yml. This YAML file defines the deployment process.

YAML

name: Deploy Lambda Function

on:
  push:
    branches:
      - main # This workflow runs on pushes to the 'main' branch

jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      id-token: write # Required for OIDC authentication
      contents: read  # Required to check out the repository

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::123456789012:role/GitHubActionRole # Replace with your IAM role ARN
          aws-region: us-east-1 # Replace with your AWS region

      - name: Deploy Lambda Function
        uses: aws-actions/aws-lambda-deploy@v1
        with:
          function-name: my-lambda-function # Replace with your function name
          code-artifacts-dir: ./dist # The directory containing your packaged code

Step 3: Push Your Code and Watch it Deploy!

That's it! When you push new code to the main branch of your repository, GitHub Actions will automatically trigger this workflow. The aws-lambda-deploy action will package the code from your specified directory (./dist in this example) and deploy it to your Lambda function.


Beyond the Basics

The aws-lambda-deploy action is highly configurable. You can:

  • Deploy via Amazon S3: For larger deployment packages, you can specify an S3 bucket to use as an intermediate location.

  • Configure Function Settings: Update your Lambda function's runtime, memory, timeout, and environment variables directly within the workflow.

  • Use Dry Run Mode: Test your deployment configuration and permissions without making any changes to the function itself.

With this new feature, AWS is making it simpler and more secure to manage the entire lifecycle of your serverless applications. Happy coding! 💻✨

For more details and advanced examples, check out the AWS Lambda Deploy GitHub Action repository: https://github.com/aws-actions/aws-lambda-deploy.

